 "Russian hackers said to steal cyber programmes from NSA Contractor")
Russian hackers obtained classified information about National Security Agency cybersecurity programmes after breaching a personal computer used by an agency contractor in 2015, according to a person familiar with the matter.
The contractor, who wasn’t identified, took the classified material home, where Russian hackers stole it by exploiting vulnerabilities in Kaspersky Lab software that he had on his computer, according to the person, who asked not to be identified.
The breach, first reported by the Wall Street Journal, is the latest to plague the NSA involving the use of government contractors. Harold Martin, who was contracted to work at the NSA, was arrested last year and told investigators that he knowingly took home documents and digital files that contained highly classified information.
Martin’s case followed the 2013 revelations of Edward Snowden, who fled his job as an NSA contractor in Hawaii for Hong Kong and then Russia after stealing and releasing a trove of data on classified US data-collection programmes.
While both Martin and Snowden were employed by Booz Allen Hamilton Holding Corp., the official wouldn’t say who employed the contractor in the latest breach.
The NSA, which monitors, collects and processes the most classified communications data for national security purposes, wouldn’t confirm or deny that the incident occurred but said in a statement that it has taken steps to improve its security.
"For the past several years we have continued to build on internal security improvements while carrying out the mission to defend the nation and our allies around the clock," the NSA said. "We’re not relying on only one initiative. Instead, we’ve undertaken a comprehensive and layered set of enterprise defensive measures to further safeguard operations and advance best practices across the intelligence community."
The US government last month banned all use of Kaspersky Lab software in federal information systems, citing concerns about the Moscow-based security firm’s links to the Russian government and espionage efforts.
According to a Homeland Security Department directive, all US agencies were required to identify any Kaspersky products they have used within 30 days and to develop plans to discontinue their use.
“This action is based on the information security risks presented by the use of Kaspersky products,” the DHS said in a statement at the time. “The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates US national security.”
Kaspersky denied “inappropriate ties with any government” and criticized the US decision to ban its software as “based on false allegations and inaccurate assumptions, including claims about the impact of Russian regulations and policies.”
Responding to the NSA breach on Thursday, Kaspersky said in a statement on its website that it "has not been provided any evidence substantiating the company’s involvement in the alleged incident."
The contractor, who wasn’t identified, took the classified material home, where Russian hackers stole it by exploiting vulnerabilities in Kaspersky Lab software that he had on his computer, according to the person, who asked not to be identified.
The breach, first reported by the Wall Street Journal, is the latest to plague the NSA involving the use of government contractors. Harold Martin, who was contracted to work at the NSA, was arrested last year and told investigators that he knowingly took home documents and digital files that contained highly classified information.
Martin’s case followed the 2013 revelations of Edward Snowden, who fled his job as an NSA contractor in Hawaii for Hong Kong and then Russia after stealing and releasing a trove of data on classified US data-collection programmes.
While both Martin and Snowden were employed by Booz Allen Hamilton Holding Corp., the official wouldn’t say who employed the contractor in the latest breach.
The NSA, which monitors, collects and processes the most classified communications data for national security purposes, wouldn’t confirm or deny that the incident occurred but said in a statement that it has taken steps to improve its security.
"For the past several years we have continued to build on internal security improvements while carrying out the mission to defend the nation and our allies around the clock," the NSA said. "We’re not relying on only one initiative. Instead, we’ve undertaken a comprehensive and layered set of enterprise defensive measures to further safeguard operations and advance best practices across the intelligence community."
The US government last month banned all use of Kaspersky Lab software in federal information systems, citing concerns about the Moscow-based security firm’s links to the Russian government and espionage efforts.
According to a Homeland Security Department directive, all US agencies were required to identify any Kaspersky products they have used within 30 days and to develop plans to discontinue their use.
“This action is based on the information security risks presented by the use of Kaspersky products,” the DHS said in a statement at the time. “The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates US national security.”
Kaspersky denied “inappropriate ties with any government” and criticized the US decision to ban its software as “based on false allegations and inaccurate assumptions, including claims about the impact of Russian regulations and policies.”
Responding to the NSA breach on Thursday, Kaspersky said in a statement on its website that it "has not been provided any evidence substantiating the company’s involvement in the alleged incident."
Bloomberg
One subscription. Two world-class reads.
Already subscribed? Log in
Subscribe to read the full story →*Subscribe to Business Standard digital and get complimentary access to The New York Times
Smart Quarterly
₹900
3 Months
₹300/Month
SAVE 25%
Smart Essential
₹2,700
1 Year
₹225/Month
SAVE 46%
*Complimentary New York Times access for the 2nd year will be given after 12 months
Super Saver
₹3,900
2 Years
₹162/Month
Subscribe
Renews automatically, cancel anytime
Here’s what’s included in our digital subscription plans
Exclusive premium stories online
Over 30 premium stories daily, handpicked by our editors
Complimentary Access to The New York Times
News, Games, Cooking, Audio, Wirecutter & The Athletic
Business Standard Epaper
Digital replica of our daily newspaper — with options to read, save, and share
Curated Newsletters
Insights on markets, finance, politics, tech, and more delivered to your inbox
Market Analysis & Investment Insights
In-depth market analysis & insights with access to The Smart Investor
Archives
Repository of articles and publications dating back to 1997
Ad-free Reading
Uninterrupted reading experience with no advertisements
Seamless Access Across All Devices
Access Business Standard across devices — mobile, tablet, or PC, via web or app
SAVE 25%